Updated 10 February 2026
1. Introduction
We are committed to safeguarding the confidentiality, integrity, and availability of all information entrusted to us by our clients, website visitors, partners, and stakeholders. Information security is a core component of our professional responsibility, particularly in the delivery of audit, tax, accounting, advisory, certification consultancy, ISO/IMS audits, project reporting, and tender-related services.
This Privacy Policy and Information Security Commitment explains how information is collected, processed, stored, protected, disclosed, retained, and disposed of, in compliance with applicable laws, professional standards, and information security best practices aligned with ISO/IEC 27001.
By accessing our website or engaging our services, you acknowledge and agree to the practices described in this policy.
2. Scope and Applicability
This policy applies to:
- All visitors accessing our website
- Clients and prospective clients
- Employees, consultants, and authorized representatives
- Vendors, service providers, and business partners
- All information processed in physical, electronic, or verbal form
This policy covers information processed across all services, including audits, taxation, accounting, advisory, business incorporation, ISO certification consultancy, IMS audits, project reports, and tender submissions.
3. Information We Collect
3.1 Personal Information
We may collect personal information including but not limited to:
- Name, designation, organization name
- Contact details (email address, phone number, postal address)
- Identification information required for statutory or regulatory purposes
3.2 Business, Financial, and Confidential Information
Depending on the nature of engagement, we may process:
- Company incorporation and statutory records
- Financial statements, accounting records, and audit documentation
- Income tax, GST, and compliance-related information
- ISO certification, IMS audit, and management system documents
- Project reports, feasibility studies, and tender documentation
- Contracts, agreements, and regulatory correspondence
3.3 Technical and Website Usage Information
When users visit our website, we may automatically collect:
- IP address and browser type
- Device and operating system information
- Website access logs and interaction data
4. Lawful Basis and Purpose of Processing
Information is collected and processed strictly for lawful, legitimate, and defined purposes, including:
- Delivery of professional services and contractual obligations
- Compliance with statutory, regulatory, and professional requirements
- Business incorporation, filings, and regulatory submissions
- ISO certification consultancy and management system audits
- Project evaluation, reporting, and tender submission support
- Client communication and service improvement
- Risk management, dispute resolution, and legal compliance
We adhere to the principle of data minimization, collecting only the information necessary for the intended purpose.
5. Information Security Framework (ISO 27001 Alignment)
We implement a structured Information Security Management framework aligned with ISO/IEC 27001, based on risk assessment and continual improvement.
5.1 Confidentiality
- Access to information is restricted to authorized personnel
- Role-based and need-to-know access controls are enforced
- Confidentiality obligations apply to all staff and partners
5.2 Integrity
- Controls are in place to prevent unauthorized modification, deletion, or corruption of information
- Validation and review mechanisms ensure accuracy and completeness
5.3 Availability
- Information is made available to authorized users when required
- Operational controls ensure continuity of service and data accessibility
6. Confidentiality and Professional Ethics
We adhere to strict professional ethics and confidentiality obligations applicable to audit, tax, advisory, and consultancy services. All information received from clients is treated as confidential, regardless of format or medium.
Employees, consultants, and third parties are bound by:
- Confidentiality agreements
- Professional codes of conduct
- Internal information security policies
7. Access Control and Authorization
Access to information is managed through:
- Defined user roles and responsibilities
- Authorization mechanisms based on job function
- Periodic access reviews and revocation where necessary
Unauthorized access, disclosure, or misuse of information is strictly prohibited.
8. Information Sharing and Disclosure
We do not sell, rent, or trade personal or business information.
Information may be disclosed only:
- To statutory authorities, regulators, or certification bodies when legally required
- To auditors, consultants, or service providers under confidentiality obligations
- To comply with court orders or lawful requests
All disclosures are limited to the minimum necessary information and protected by appropriate safeguards.
9. Data Security Measures
We implement reasonable and appropriate security measures, including:
- Administrative controls (policies, procedures, training)
- Technical controls (restricted access, secure systems)
- Physical controls (controlled access to premises and records)
Security controls are reviewed periodically to address emerging risks and changes in operations.
10. Data Retention and Secure Disposal
Information is retained only as long as required to:
- Fulfill contractual and professional obligations
- Comply with statutory record retention requirements
- Support audits, legal proceedings, or dispute resolution
Upon expiry of retention periods, information is securely deleted, destroyed, or anonymized using appropriate methods.
11. Cookies and Website Analytics
Our website may use cookies to:
- Enhance user experience and website functionality
- Analyse website traffic and usage trends
Cookies do not collect sensitive personal information unless the user explicitly provides it. Users may manage cookie preferences through browser settings.
12. Data Subject Rights
Where applicable, individuals may:
- Request access to their personal information
- Request correction of inaccurate or incomplete data
- Request deletion of personal data, subject to legal obligations
- Withdraw consent for non-essential data processing
Requests are handled securely and in accordance with applicable laws.
13. Third-Party Websites
Our website may contain links to external websites. We are not responsible for the privacy or information security practices of third-party websites. Users are encouraged to review third-party policies independently.
14. Information Security Incident Management
We maintain defined procedures to manage information security incidents, including:
- Identification and reporting of incidents
- Containment and impact assessment
- Corrective and preventive actions
- Legal or regulatory notification where required
Incidents are reviewed to prevent recurrence and improve controls.
15. Policy Review and Updates
This policy is reviewed periodically and updated as necessary to reflect:
- Legal and regulatory changes
- ISO 27001 requirements
- Changes in business operations or services
Updated versions will be published on our website.
16. Contact Information
For questions, concerns, or requests regarding privacy or information security, please contact us using the details provided on our website.
17. Our Commitment
We recognize that information security and privacy are fundamental to trust. We are committed to maintaining robust information security controls, professional confidentiality, and regulatory compliance, aligned with ISO/IEC 27001 principles, across all our services.